
Dell Ships PCs With Massive Security Risk

Dell has confirmed it shipped computers with a major built-in security flaw. The unintentional move
could expose users to a significant risk of hackers accessing their personal data.

The issue concerns a flaw in how the affected machines handle secure sockets layer (SSL) connections.
Specifically, Dell inadvertently shipped PCs and laptops with both a trusted
root certificate and its private key installed, when only the certificate should have been
present.

The intent behind the certificate was to help identify Dell computers when they were
connected to Dell's online support service. In that scenario the computer's model
number could be checked, and the support system could then provide tailored advice and run automated fixes.

In addition to enabling tailored support, however, the inadvertently installed key
makes it possible for hackers to eavesdrop on any SSL connection made to
a secure website (including online banking, for example).

Hackers Could Pose as Any Legitimate Website

In order for the attack to work, the
hacker would need to be on the same network as the victim - most likely through
a public WiFi hotspot. Once a connection is made, the hacker could then sniff
data the user was sending to any secure website (because both the private
key and the root certificate are available to anyone who extracts them from a Dell machine).

The result is an attack that would be challenging to pull off, but
extremely devastating. For example, any user with an affected machine could
have any of the following sniffed: banking details, user names and passwords,
social security numbers, credit card information, and the like.

All data sent to and from affected computers could be read by the attacker in plain text, yet the victim would
never know the connection was compromised. The connection would
still be listed as secure in the web browser, appearing to
be a protected connection when the opposite is true.

It would also be possible for hackers to
generate bogus web certificates and redirect users to malicious websites in
order to phish for sensitive information.

The only way to know that something was amiss would be for users to view the SSL
certificate in the web browser for every SSL connection made, and then manually
validate that the site they are connected to matches the web address and IP address on
the certificate.

How to Remove Rogue 'eDell Root' Certificate Exploit

Dell has published details of how to remove the certificate on its website. It will also be sending out an automatic update to permanently remove the certificate in the coming days. (Source: dell.com)

Exactly which models are affected isn't confirmed by Dell yet, but one report lists the Inspiron 3647, Inspiron 5000, Inspiron 5547, Latitude E7450, Precision M4800 and XPS 15. There's also an independently run website at tlsfun.de which will check for the presence of the rogue certificate. (Source: grahamcluley.com)
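As an added example that is not part of the article, Dell's instructions or the tlsfun.de check, the following PowerShell audit looks through the Windows certificate stores for the rogue root and reports whether its private key is present on the machine, which is the condition that makes the interception described above possible. It assumes the certificate's subject contains "eDellRoot" (the name the article renders as 'eDell Root'); removal is optional and needs an elevated session for the LocalMachine stores.

```powershell
# Added example: audit Windows certificate stores for the eDellRoot certificate.
# Assumption: the rogue root's subject name contains "eDellRoot".
function Find-EDellRoot {
    param(
        [string]$SubjectPattern = '*eDellRoot*',   # assumed subject pattern
        [switch]$Remove                            # delete matches after reporting
    )

    # Trusted-root (Root) and intermediate (CA) stores for the machine and the current user.
    $stores = @('Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
                'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA')

    $findings = @(foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like $SubjectPattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A trusted root whose private key sits on the machine lets anyone
                    # holding that key issue certificates the browser will accept.
                    HasPrivateKey = $_.HasPrivateKey
                    PSPath        = $_.PSPath
                }
            }
    })

    if ($Remove) {
        foreach ($f in $findings) {
            # -DeleteKey also removes the associated private key from the key store.
            Remove-Item -Path $f.PSPath -DeleteKey -Force
            Write-Verbose "Removed $($f.Thumbprint) from $($f.Store)"
        }
    }

    return $findings
}

# Report-only run; add -Remove (in an elevated session) to delete what is found.
$results = Find-EDellRoot
if ($results.Count -eq 0) {
    Write-Output 'No eDellRoot certificate found in the checked stores.'
} else {
    $results | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize
    if ($results | Where-Object { $_.HasPrivateKey }) {
        Write-Output 'Private key present: this machine is exposed to SSL interception.'
    }
}
```

A match without a private key still means the store trusts the rogue root and should be removed, since the key has been extracted from other Dell machines.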

What's Your Opinion?

Do you have one of the affected models? Had you heard anything from Dell before reading this article? Has Dell done enough to explain how the problem occurred and reassure customers it will never happen again?

Comments

This is probably the worst of the worst exploits you can have, and would go completely unnoticed as it would not be detected through antivirus or antimalware software. If you own a Dell, please visit the tlsfun.de site to see if your system is exploitable. If it is, remove the root security certificate immediately (visit Dell's site to read how). Both links are in the above article.